The ABA Handbook's One Important Takeaway: Your Law Firm Might Be Lagging On Cyber

Although an increasing number of businesses across the United States have taken up the project of adopting the NIST Cybersecurity Framework for their vendors and suppliers, the legal community is lagging in adopting this set of best practices. Under the Obama administration and a 2014 executive order, the NIST Cybersecurity Framework, or “The Framework,” was developed with collaborative input across industries, focusing on critical infrastructure security.

The ABA states that “The Framework is arguably one of the most significant documents released by NIST in the recent past, maybe ever. It already has had a definite impact on the private sector and the supply chain that currently services the nation’s critical infrastructure.”


Although the ABA is in full support, it seems that the legal sector is less than proactive about protecting its data. According to the ABA handbook released just last week, “The value of efficient supply chains is well recognized in the business world, but law firms have been slow to recognize the trend and are catching up with their clients by viewing their work as a piece of the whole, and altering their legal service models to become value-added partners to their clients for whom supply chain management is a key profitability component.” The ABA’s “Cybersecurity Handbook: A Resource for Attorneys, Law Firms, and Business Professionals” is available online and recommends best practices for the legal sector related to cybersecurity.

Ultimately, the ABA handbook notes, failure to recognize and act on these threats could threaten the viability of law firms themselves in the case of a data breach, which would have a high probability of resulting in lawsuits alleging negligence.

The law firm would experience “loss of client communication; loss of clients, revenue, and competitiveness; loss of data and unintentional disclosures; and claims for damages due to negligent acts and omissions arising from cyber incidents,” according to the ABA.




The call to action for these firms? “all law firms need to be prepared for a cyber disaster by having a robust and secure network in place and recognizing and implementing best practices.”

The handbook and the ABA hold the NIST Cybersecurity Framework in high regard and strongly encourage legal entities to begin adopting these cyber best practices, since they align with many of the cyber-related issues that can arise in a legal organization, including incident response, due diligence, and negligence. The ABA recommends its use to reduce cyber risk and to help legal entities avoid legal issues themselves.

The Framework is a catalyst for cybersecurity strength in the organizations that choose to integrate it into their existing or growing program. It is time for organizations across all sectors to be proactive about managing and strengthening their cyber programs. 

The CyberStrong™ PowerControls™ can now give visibility into your organization, both visually and through metrics, on all 5 NIST Cybersecurity Framework Functions: Identify, Protect, Detect, Respond, and Recover, in just a few hours. Not only can you see where your existing program stands, but you can also view your goals and objectives for remediation and improvement on the same report. In addition, you will receive AI-powered intelligent recommendations, based on your cost-impact preferences, on how to begin or continue implementing the Framework, and similar recommendations based on the top threats in your landscape. A project that used to take months, or even an entire calendar year in some cases, just became a three-hour process from beginning to end.